Thales e-Security

Overview

Thales e-Security is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and, with the internet of things (IoT), even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property, and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged-user control and high-assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group, learn more at:

Vormetric Product Line

Vormetric Data Security Platform

The Vormetric Data Security Platform makes it easy and efficient to manage data-at-rest security across your entire organization. Built on an extensible infrastructure, the platform features multiple data security products that can be deployed individually or in combination to deliver advanced encryption, tokenization and centralized key management. This data security solution prepares your organization for the next security challenge and new compliance requirement at the lowest TCO.

The Vormetric Data Security Manager (DSM) is at the heart of the Thales e-Security product line. The DSM provisions and manages keys for the Vormetric Data Security Platform and manages keys and certificates for third-party devices.

Transparent Implement data-at-rest encryption and access controls without changes to applications and business processes—significantly reducing the cost of encryption deployment and operation.

Scalable Scaling to deployments of 10's of thousands of servers, the Vormetric Transparent Encryption solution is available for Windows, Linux, and Unix platforms, and can be used across physical, cloud, container and big data environments.

Meet Compliance and Best Practice Requirements Encryption, access controls and data access logging are basic requirements or recommended best practices for almost all compliance and data privacy standards and mandates, including PCI DSS, HIPAA/Hitech, GDPR and many others.

Live Data Transformation Extension

Deployment and management of data-at-rest encryption can present challenges when transforming clear-text to cipher-text, or when rekeying data that has already been encrypted. Traditionally, these efforts required planned downtime, or they required labor-intensive data cloning and synchronization efforts. Vormetric Transparent Encryption Live Data Transformation eliminates these hurdles, enabling encrypt and rekey with unprecedented uptime and efficiency.

Improve Security and Data Availability Encrypting and re-keying data without taking applications offline allows deployment of data security controls to applications along with business continuity and high availability.

Reduce The Operational Costs of Encryption In the past, critical applications had to be taken offline for initial encryption of data and encryption maintenance, with substantial operational costs - Not any more.

Encrypt sensitive assets in SAP Hana environments, without having to make any changes to SAP Hana or associated applications and infrastructure. Retain Control in the Cloud

Encrypt data in cloud environments and other multi-tenant infrastructures, while retaining custodianship of encryption keys.

Security Intelligence Logs

Detailed data access audit logs delivered by Vormetric Transparent Encryption are useful not only for compliance, but also for the identification of unauthorized access attempts, as well as to build baselines of authorized user access patterns. Vormetric Security Intelligence completes the picture with pre-built integration to leading Security Information and Event Management (SIEM) systems that make this information actionable. The solution allows immediate automated escalation and response to unauthorized access attempts, and all the data need to build behavioural patterns required for identification of suspicious usage by authorized users.

Boost Visibility Produces an auditable trail of permitted and denied access attempts from users and processes.

Strengthens Data Security Uncover anomalous process and user access patterns that could point to an APT attack or malicious insider activities.

Vormetric Application Encryption

With Vormetric Application Encryption, you can encrypt specific files or columns in databases, big data nodes, and platform-as-a-service (PaaS) environments. The application encryption solution features a set of documented, standards-based APIs that can be used to perform cryptographic and key management operations. Vormetric Application Encryption eliminates the time, complexity, and risk of developing and implementing an in-house encryption and key management solution.

Streamline Encryption Implementations The application encryption solution simplifies the process of adding encryption to applications. Developers use Java, .NET, or C libraries to facilitate communication between applications and encryption agents

Secure Cloud and Big Data Environments With the application encryption solution, you can encrypt specific fields at the application layer, securing sensitive data before it is stored in database, big data, or cloud environments.

Simplifies Encryption Deployments Enables efficient encryption of specific fields and columns in Teradata databases, and can encrypt sensitive records without altering their format or field schemas.

Centralizes Key and Policy Management Works seamlessly with the Vormetric Data Security Manager, so you can centrally manage keys and access policies for encryption products from Thales e-Security and other vendors.

General Purpose HSMs

Thales e-Security nShield HSMs provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption and more. Available in three FIPS 140-2 certified form factors, nShield HSMs support a variety of deployment scenarios.

nShield Connect

nShield Connect HSMs are certified hardware security appliances that deliver cryptographic services to a variety of applications across the network. These hardened, tamper-resistant platforms perform such functions as encryption, digital signing, and key generation and protection. With their comprehensive capabilities, these HSMs can support an extensive range of applications, including certificate authorities, code signing and more.

Highly flexible architecturenShield Connect HSMs integrate with the unique Security World architecture from Thales. With this proven technology, you can combine different nShield HSM models to build a unified ecosystem that delivers scalability, seamless failover and load balancing.

Process more data fasternShield Connect HSMs support some of the highest cryptographic transaction rates in the industry, making them ideal for enterprise, retail, IoT and other environments where throughput is critical. The nShield Connect XC offers our highest transaction performance rates.

Protect your proprietary applications and data

nShield Connect HSMs don’t just protect your sensitive keys and data; they also provide a secure environment for running sensitive applications. The CodeSafe option lets you execute code within nShield boundaries, protecting your applications and the data they process.

nShield Solo HSMs

nShield Solo HSMs are low-profile, embedded PCI-Express cards that provide cryptographic services to one or more applications hosted on a single server or appliance. These hardened, tamper-resistant cards perform encryption, digital signing and key generation on behalf of an extensive range of commercial and custom-built applications, including certificate authorities, code signing and more.

The nShield Solo series includes nShield Solo+ and the new high-performance nShield Solo XC, which offers superior asymmetric and symmetric performance and best-in-class elliptic curve cryptography (ECC) transaction rates.

Highly flexible architecture All nShield HSMs integrate with the unique Security World architecture from Thales. With this proven technology, you can combine different nShield HSM models to build a unified ecosystem that delivers scalability, seamless failover and load balancing.

Process more data faster nShield Solo HSMs support some of the highest cryptographic transaction rates in the industry, making them ideal for enterprise retail, IoT and other environments where throughput is critical. The nShield Solo XC offers our highest transaction performance rates and features host-side virtualization support.

Protect your proprietary applications and data

nShield Solo HSMs don’t just protect your sensitive keys and data; they also provide a secure environment for running sensitive applications. The CodeSafe option lets you execute code within nShield boundaries, protecting your applications and the data they process.

nShield Edge

The nShield Edge is a full-featured, portable HSM designed for low-volume transaction environments. This USB-connected device delivers capabilities for encryption and key protection, and is ideally suited for off-line key generation for certificate authorities (CAs) as well as development environments.

High volume SSL encryption/decryption is a resource intensive process that impacts web server performance. F5 BIG-IP efficiently manages high volume SSL traffic by terminating connections in a dedicated appliance. BIG-IP optimizes the network infrastructure to deliver high availability and security for critical business applications. Increasing SSL traffic results in higher numbers of keys and certificates. Protecting and managing these critical components represents an additional challenge in traditional software environments where they might be exposed to targeted threats.

The solution: F5 and Thales together deliver high performance and enhanced security

With F5, customers can simultaneously manage high volume SSL connections to deliver secure connectivity while meeting operational demands. Organizations looking to further extend the security of SSL-based operations can deploy F5 BIG-IP with Thales network-based hardware security modules (HSMs) to achieve operational efficiency and high assurance. Thales nShield Connect HSMs safeguard and manage large numbers of critical SSL keys and certificates within a dedicated, hardened device, ensuring that keys are never exposed to unauthorized entities. Regulated customers in government, financial services, healthcare and other industries require high security solutions that are independently certified to internationally recognized security standards. Integration of BIG-IP with nShield Connects provide FIPS 140-2 Level 3 certified protection, which enables organizations to deliver a high security environment and comply with industry best practices. Thales nShield Connects also enable auditable key and certification validation per established security policies, including enforcement of dual controls and separation of duties. Regulated customers are often required to use FIPS-approved HSMs, and Ponemon Institute research shows that auditors recommend the use of HSMs to facilitate audit and regulatory compliance.

Vormetric Key Management as a Service

For virtually every organization today, the adoption of cloud services continues to expand—and so does the use of encryption. As the proliferation of encryption continues, so do the number of keys, and the potential risks. With Vormetric Key Management as a Service (KMaaS), your organization can establish strong controls over encryption keys and policies for data encrypted by cloud services.

Enjoy Fast, Flexible Implementation Deploy in the cloud or on-premises. Either way, this key management solution features an intuitive, easy-to-use interface, simple implementation, and instant scalability.

Control Keys Over their Lifecycle

Leverage the bring your own key (BYOK) APIs provided by cloud vendors to gain full control over the key management lifecycle, including key creation, uploading, updating, storing, revocation, and reporting.

nShield Bring Your Own Key

With nShield BYOK, you bring your own keys to your cloud applications, whether you’re using Amazon Web Services (AWS), Google Cloud Platform (GCP) or Microsoft Azure. nShield high-assurance HSMs let you continue to benefit from the flexibility and economy of cloud services while you strengthen the security of your key management practices and gain greater control over your keys. Watch our Video to see how nShield BYOK can strengthen your cloud key management practices.

Stronger control over your keysUse your own nShield HSMs in your own environment to create, store and securely export your keys to the cloud.

Superior key generationnShield HSMs use a certified, high-entropy random number generator to create keys of higher quality than typically generated in software.

Videos

Contact Us

Thales e-Security is the leader in advanced data security solutions and services, delivering trust wherever information is created, shared or stored. We ensure that company and government data is secure and trusted in any environment – on premise, in the cloud, in data centers and in big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices.

*
First Name*
Last Name*
Company*
Job Title*
Email*
PhoneAdditional Info*How many employees in your company